Comments 0

Document transcript

The object of this paper is to give the reader a “rough” idea of what Elliptic Curves areand how they are used in Cryptography. It is not intended to be mathematically rigorous.

Roughly speaking, anElliptic Curve

is a set of point on a curve2 3y x ax b  

givencertain real numbersa

andb. For example

Elliptic Curve Groups: The set of points on an elliptic curve, plus a special point

formand additive group. The addition of two points on an elliptic curve is definedgeometrically, as shown in the followingexample.

Elliptic Curve Encryption Algorithms

depend on the difficulty of calculatingkP

wherekis a product of two large primes andP

is an element in the Elliptic Curve Group.Geometrically to add a pointP

to it self you first construct the tangent line to the curveat the point. Then the line will intersect the curve at only one point, and the addition of2Pis then defined to be the negative of the point of intersection as seen below.

Elliptic curve groups over real numbers are not practical for cryptography due toslowness of calculations and round-off error. This Elliptic Curves Over Finite Fields areused. An elliptic curve over a finite fieldpF

of characteristic greater than three can beformed by choosing the variablesaandb

within the fieldpF.

Roughly speaking the elliptic curve is then the set of points(,)x y

which satisfy theelliptic curve equation2 3y x ax b  

modulop, where,px y F; together with aspecial point. If3x ax b 

contains no repeated factors, or equivalently if3 24 27 0(mod )a b p , then these points form a group.

Obviously we no longer have a curve to define our addition geometrically. Emulating thegeometric construction for addition, the formulas for addition overpF

(characteristic 3)are given as follows: Let1 1(,)P x y

and2 2(,)Q x y

be elements of the ECG. Then3 3(,)P Q x y , where

and

These formulas can be easily calculated with computers. For field of characteristic 2 theequations for addition are worse!

23 1 2x x x  3 1 3 1( )y x x y  

2 12 121132y yif P Qx xx aif P QyAt the heart of every cryptosystem is a hard mathematical problem that iscomputationally infeasible to solve. The Discrete Logarithm Problem is the basis for thesecurity of many cryptosystem including the Elliptic Curve Cryptosystem.

Definition of the Discrete Logarithm Problem:

In the multiplication grouppF, the discrete logarithm problem that is: Givenelementsr

andq

inpF, find a number k such that(mod )r qk p.

Similarly the Elliptic Curve Discrete Logarithm Problem is: Given points P and Qin an ECG over

a finite field find an integer k such thatPk Q. Here k is calledthe discrete log of Q to the base P.

This doesn’t seem like a difficult problem, but if you don’t know what k is calculatingPk Q

takes roughly22k

operations. So if k is say, 160 bits long, then it would takeabout802

operations!! To put this into perspective, if you could do a billion operationsper second, this would take about 38 million years. This is a huge savings over thestandard public key encryption system where 1024 and 3074 bit keys are recommended.The smaller size of the keys for Elliptic Curve Encryption makes it idea for applicationssuch as encrypting cell-phone calls, credit

card transactions, and other applications wherememory and speed are an issue. There are pros and cons to both ECC and RSAencryption. ECC is faster then RSA for signing and decryption, but slower than RSA forsignature verification and encryption. Much of the material used in this paper can befound in the websites listed in the references.